www.kaspersky.co.in
Open in
urlscan Pro
77.74.178.40
Public Scan
URL:
https://www.kaspersky.co.in/resource-center/threats/ransomware-wannacry
Submission: On August 10 via manual from US — Scanned from DE
Submission: On August 10 via manual from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
Skip to main content Kaspersky logo HomeBusinessPartnersAbout us My Account Americas América LatinaBrasilUnited StatesCanada - EnglishCanada - Français Africa Afrique FrancophoneAlgérieMarocSouth AfricaTunisie Middle East Middle Eastالشرق الأوسط Western Europe Belgique & LuxembourgDanmarkDeutschland & SchweizEspañaFranceItalia & SvizzeraNederlandNorgeÖsterreichPortugalSverigeSuomiUnited Kingdom Eastern Europe Česká republikaMagyarországPolskaRomâniaSrbijaTürkiyeΕλλάδα (Greece)България (Bulgaria)Россия и Белару́сь (Russia & Belarus)Україна (Ukraine) Asia & Pacific AustraliaIndiaNew ZealandViệt Namไทย (Thailand)한국 (Korea)中国 (China)香港特別行政區 (Hong Kong SAR)台灣 (Taiwan)日本語 (Japan) For all other countries Global Website HomeResource CenterThreatsWhat is WannaCry ransomware? WHAT IS WANNACRY RANSOMWARE? Is your computer vulnerable to attack from WannaCry ransomware? Read on to find out as we explore all there is to know about the WannaCry ransomware attack. In this article, you will learn: * What WannaCry ransomware is * How the WannaCry ransomware attack worked * The impact of the WannaCry ransomware attack * How to protect your computer from ransomware WANNACRY RANSOMWARE EXPLAINED WannaCry is an example of crypto ransomware, a type of malicious software (malware) used by cybercriminals to extort money. Ransomware does this by either encrypting valuable files, so you are unable to read them, or by locking you out of your computer, so you are not able to use it. Ransomware that uses encryption is called crypto ransomware. The type that locks you out of your computer is called locker ransomware. Like other types of crypto-ransomware, WannaCry takes your data hostage, promising to return it if you pay a ransom. WannaCry targets computers using Microsoft Windows as an operating system. It encrypts data and demands payment of a ransom in the cryptocurrency Bitcoin for its return. WHAT WAS THE WANNACRY RANSOMWARE ATTACK? The WannaCry ransomware attack was a global epidemic that took place in May 2017. This ransomware attack spread through computers operating Microsoft Windows. User’s files were held hostage, and a Bitcoin ransom was demanded for their return. Were it not for the continued use of outdated computer systems and poor education around the need to update software, the damage caused by this attack could have been avoided. HOW DOES A WANNACRY ATTACK WORK? The cybercriminals responsible for the attack took advantage of a weakness in the Microsoft Windows operating system using a hack that was allegedly developed by the United States National Security Agency. Known as EternalBlue, this hack was made public by a group of hackers called the Shadow Brokers before the WannaCry attack. Microsoft released a security patch which protected user’s systems against this exploit almost two months before the WannaCry ransomware attack began. Unfortunately, many individuals and organizations do not regularly update their operating systems and so were left exposed to the attack. Those that had not run a Microsoft Windows update before the attack did not benefit from the patch and the vulnerability exploited by EternalBlue left them open to attack. When it first happened, people assumed that the WannaCry ransomware attack had initially spread through a phishing campaign (a phishing campaign is where spam emails with infected links or attachments lure users to download malware). However, EternalBlue was the exploit that allowed WannaCry to propagate and spread, with DoublePulsar being the ‘backdoor’ installed on the compromised computers (used to execute WannaCry). WHAT HAPPENED IF THE WANNACRY RANSOM WAS NOT PAID? The attackers demanded $300 worth of bitcoins and then later increased the ransom demand to $600 worth of bitcoins. If victims did not pay the ransom within three days, victims of the WannaCry ransomware attack were told that their files would be permanently deleted. The advice when it comes to ransom payments is not to cave into the pressure. Always avoid paying a ransom, as there is no guarantee that your data will be returned and every payment validates the criminals’ business model, making future attacks more likely. This advice proved wise during the WannaCry attack as, reportedly, the coding used in the attack was faulty. When victims paid their ransom, the attackers had no way of associating the payment with a specific victim’s computer. There’s some doubt about whether anyone got their files back. Some researchers claimed that no one got their data back. However, a company called F-Secure claimed that some did. This is a stark reminder of why it is never a good idea to pay the ransom if you experience a ransomware attack. WHAT IMPACT DID THE WANNACRY ATTACK HAVE? The WannaCry ransomware attack hit around 230,000 computers globally. One of the first companies affected was the Spanish mobile company, Telefónica. By May 12th, thousands of NHS hospitals and surgeries across the UK were affected. A third of NHS hospital trusts were affected by the attack. Terrifyingly ambulances were reportedly rerouted, leaving people in need of urgent care in need. It was estimated to cost the NHS a whopping £92 million after 19,000 appointments were canceled as a result of the attack. As the ransomware spread beyond Europe, computer systems in 150 countries were crippled. The WannaCry ransomware attack had a substantial financial impact worldwide. It is estimated this cybercrime caused $4 billion in losses across the globe. RANSOMWARE PROTECTION Now you understand how the WannaCry ransomware attack took place and the impact that it had, let’s consider how you can protect yourself from ransomware. Here are our top tips: UPDATE YOUR SOFTWARE AND OPERATING SYSTEM REGULARLY Computer users became victims of the WannaCry attack because they had not updated their Microsoft Windows operating system. Had they updated their operating systems regularly, they would have benefited from the security patch that Microsoft released before the attack. This patch removed the vulnerability that was exploited by EternalBlue to infect computers with WannaCry ransomware. Be sure to keep your software and operating system updated. This is an essential ransomware protection step. DO NOT CLICK ON SUSPICIOUS LINKS If you open an unfamiliar email or visit a website, you do not trust, do not click on any links. Clicking on unverified links could trigger a ransomware download. NEVER OPEN UNTRUSTED EMAIL ATTACHMENTS Avoid opening any email attachments unless you are sure they are safe. Do you know and trust the sender? Is it clear what the attachment is? Were you expecting to receive the attached file? If the attachment asked you to enable macros to view it, stay well clear. Do not enable macros or open the attachment as this is a common way ransomware and other types of malware are spread. DO NOT DOWNLOAD FROM UNTRUSTED WEBSITES Downloading files from unknown sites increases the risk of downloading ransomware. Only download files from websites you trust. AVOID UNKNOWN USBS Do not insert USBs or other removal storage devices into your computer, if you do not know where they came from. They could be infected with ransomware. USE A VPN WHEN USING PUBLIC WI-FI Exercise caution when using public Wi-Fi as this makes your computer system more vulnerable to attack. Use a secure VPN to protect yourself from the risk of malware when using public Wi-Fi. INSTALL INTERNET SECURITY SOFTWARE UPDATE YOUR INTERNET SECURITY SOFTWARE To ensure you receive the maximum protection your internet security has to offer (including all the latest patches) keep it updated. BACK UP YOUR DATA Be sure to back up your data regularly using an external hard drive or cloud storage. Should you become victimized by ransomware hackers, your data will be safe if it is backed up. Just remember to disconnect your external storage device from your computer once you’ve backed up your data. Keeping your external storage routinely connected to your PC will potentially expose it to ransomware families that can encrypt data on these devices as well. Want to sleep easy with maximum ransomware protection? Protect yourself with free Kaspersky Anti-Ransomware Tool or Premium Kaspersky Anti-Ransomware Products Related articles: * Data Theft and Data Loss * The Biggest Ransomware Threats * WannaCry: Not Dead Yet WHAT IS WANNACRY RANSOMWARE? Kaspersky What happened to the WannaCry hacker? We discuss the WannaCry ransomware attack and how to protect your computer. Share with your friends * * * * RELATED ARTICLES What Can Hackers Do With Your Email Address? Today, email addresses are a part of our digital... READ MORE What is SIM Swapping? With SIM swapping on the rise, phone owners... READ MORE How to get rid of a calendar virus on different devices Receiving strange notifications in your iPhone... READ MORE Don't be a phishing victim: Is your online event invite safe to open? Online events are being used by cybercriminals... READ MORE I've Been the Victim of Phishing Attacks! What Now? If you've been the victim of phishing attacks,... READ MORE How safe are eWallets? How to Protect Your eWallet eWallets are a convenient way to pay for goods... READ MORE The 10 biggest online gaming risks and how to avoid them Online gaming is fun, but also carries risks.... READ MORE How parents can address the dangers of doxxing Getting doxxed means having personal information... READ MORE Ransomware protection: How to keep your data safe in 2023 What does ransomware do and how can I protect... READ MORE What are the Security and Privacy Risks of VR and AR What are the key dangers of virtual reality &... READ MORE * * * * Home Solutions * Kaspersky Standard * Kaspersky Plus * Kaspersky Premium * All Solutions Small Business Products (1-25 employees) * Kaspersky Small Office Security * Kaspersky Endpoint Security Cloud * All Products Medium Business Products (26-999 employees) * Kaspersky Endpoint Security Cloud * Kaspersky Endpoint Security for Business Select * Kaspersky Endpoint Security for Business Advanced * All Products Enterprise Solutions (1000+ Employees) * Cybersecurity Services * Threat Management and Defense * Endpoint Security * Hybrid Cloud Security * All Products © 2023 AO Kaspersky Lab * Privacy policy * Online Tracking Opt-Out Guide * Anti-Corruption Policy * Licence Agreement B2C * Licence Agreement B2B India * Contact Us * About Us * Partners * Blog * Resource Center * Press Releases * Sitemap * Careers Americas América LatinaBrasilUnited StatesCanada - EnglishCanada - Français Africa Afrique FrancophoneAlgérieMarocSouth AfricaTunisie Middle East Middle Eastالشرق الأوسط Western Europe Belgique & LuxembourgDanmarkDeutschland & SchweizEspañaFranceItalia & SvizzeraNederlandNorgeÖsterreichPortugalSverigeSuomiUnited Kingdom Eastern Europe Česká republikaMagyarországPolskaRomâniaSrbijaTürkiyeΕλλάδα (Greece)България (Bulgaria)Россия и Белару́сь (Russia & Belarus)Україна (Ukraine) Asia & Pacific AustraliaIndiaNew ZealandViệt Namไทย (Thailand)한국 (Korea)中国 (China)香港特別行政區 (Hong Kong SAR)台灣 (Taiwan)日本語 (Japan) For all other countries Global Website